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DETAILED ACTION 
Response to Arguments 

1. Claims 1-11 are pending 

2. Applicant's arguments with respect to claim 1-1 1 have been considered but are 
moot in view of the new ground(s) of rejection. 



Claim Rejections - 35 USC §112 
3. Claim land 3 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 

applicant regards as the invention. 
With regard to claim 1, the recited limitation " and the mapping" needs to be 
further defined. 

With regard to claim 3, the recited limitation u within the received 
communication" needs to be further defined. 



Double Patenting 

4. The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims 
are not identical, but at least one examined application claim is not patentably distinct 
from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 
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USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, All 
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) 
may be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent either is shown to 
be commonly owned with this application, or claims an invention made as a result of 
activities undertaken within the scope of a joint research agreement. 

Effective January 1 , 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 



5. Claims 1,3,4,5-8,10 and 11 are rejected on the ground of nonstatutory 
obviousness-type double patenting as being unpatentable over claim 1, 
17,20,22,24,27,28 and 41 of U.S. Patent No. 6,693,878. Although the conflicting claims 
are not identical, they are not patentably distinct from each other because : 



Application 10/758,434 


US Patent 6,693,878 


Claim 1. (currently amended) An 
apparatus for routing packets from a first 
network node to a second network node 
in a data network, comprising: 
means for assigning and then sending an 
ID to the first node; 

means for mapping the assigned ID with 

at least one VPN, wherein the 

ID is assigned, sent, and mapped by an 


1 A method of routing packets from a first 
network node to a second 
network node in a data network, the data 
network including an access network 
having at least one Head End device and a 
plurality of nodes, the access 
network further including at least one 
shared access channel utilized by the 
first and second nodes to communicate 
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entity other than the first node; 
means for receiving a packet from the 
first node, said packet including the ID 
associated 

with said first node, and including routing 
information for routing said packet to a 
destination 

address associated with said second 
node; 

means for examining the packet to 
identify the ID of the first node; and 
means for using said first node ID and 
routing information and the mapping to 
determine 

whether said first node is associated with 
at least one VPN. 


with the Head End device, said first and 
second nodes being members of a first 
Virtual Private Network (VPN), said first 
VPN being associated with at least one 
first VPN customer edge device, said 
method comprising: assigning an ID to the 
first node that is associated with at 
least one VPN, wherein the ID is assigned 
by an entity other than the first 
node; receiving a packet from the first 
node, said packet including the ID 
associated with said first node, and 
including routing information for routing 
said packet to a destination address 
associated with said second node; 
examining the packet to identify the ID of 
the first node; and using said 
first node ID to determine whether said first 
node is associated with at least 
one VPN. 


Claim 3. (currently amended) 

An apparatus of associating nodes in a 

data network with at least 

one virtual private network (VPN), the 

data network including an access network 

having at least 

one Head End device and a plurality of 
nodes, the access network further 
including at least one 
shared access channel utilized by a first 
and a second node of the plurality of 
nodes to 

communicate with the Head End device, 
said apparatus comprising: 
means for assigning and then sending an 
ID to the first node; 

means for mapping the assigned ID with 
at least one VPN, wherein the ID is 


Claim 17: method of associating nodes in a 
data network with at least one 
virtual private network (VPN), the data 
network including an access network 
having at least one Head End device and a 
plurality of nodes, the access 
network further including at least one 
shared access channel utilized by a 
first and a second node of the plurality of 
nodes to communicate with the Head 
End device, said method comprising: 
assigning an address to the first node that 
is associated with at least one VPN, 
wherein the address is assigned by an 
entity other than the first node; receiving a 
communication from the first 
node in the access network; identifying the 
address of the first node, wherein 
the address is specific to the network on 
which the first node resides; and 


assigned, sent, and mapped bv an entitv 
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other than the first node; 
means for receiving an address for the 
first node that is associated with at least 
one VPN, means for receiving a 
communication from the first node in the 
access network; 

means for identifying, within the received 
communication, the address and ID of the 
first node, and means for using said 
identified address, the identified ID, and 
the maooina to determine whether said 
first node is associated with at least one 
VPN. 


using said address to determine whether 
said first node is associated with at 
least one VPN. 


Claim 4. (original) The apparatus of claim 
3 further comprising means for mapping 
said first node to a particular sub- 
interface on the access network. 


Claim 20: The method of claim 17 further 
comprising mapping said first node to a 
particular sub-interface on the access 
network based upon the address of the 
first node. 


Claim 5. (currently amended) An 
apparatus of associating nodes in a data 
network with at least one virtual private 
network (VPN), the data network 
including an access network having at 
leastone Head End device and a plurality 
of nodes, the access network further 
including at least one 
shared access channel utilized by a first 
and a second node of the plurality of 
nodes to 

communicate with the Head End device, 
said apparatus comprising: 

means for determining whether said first 
node is a member of at least one VPN; 
and 

means for if it is determined that said first 
node is a member of at least one VPN, 
assiqnina and then sending an ID to the 


Claim 22: A method of associating nodes 
in a data network with at least one 
virtual private network (VPN), the data 
network including an access network 
having at least one Head End device and a 
plurality of nodes, the access 
network further including at least one 
shared access channel utilized by a 
first and a second node of the plurality of 
nodes to communicate with the Head 
End device, said method comprising: 
determining whether said first node is a 
member of at least one VPN' and if it is 

III X^ III *S 1 W 1 I 1 \* K %f 1 1 VI ' ' J ■ 1 II ■ • 1 *w 

determined that said first node is a 
member of at least one VPN, binding an ID 
of said node with said VPN to thereby 
cause said first node to be associated with 
said VPN, wherein the ID is bound 
with the node by an entity other than the 
node. 
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node and binding the ID of said node with 
said VPN to thereby cause said first node 
to be associated with said VPN, wherein 
the ID is assigned, sent, and then bound 
by an entity other than the node. 




Claim 6. (original) The apparatus of claim 
5 further including means for mapping a 
particular sub- interface of the Head End 
to said particular VPN. 


Claim 20: The method of claim 17 further 
comprising mapping said first node to a 
particular sub-interface on the access 
network based upon the address of the 
first node. 


Claim 7. (currently amended) 
The apparatus of claim 5 further 
comprising: 

means for receiving at said Head End 
device a packet from said first node, said 
packet including 

a destination address corresponding to a 
second node in the network; 
means for examining said packet to 
identify the ID of said first node; and 
means for using said ID at said Head End 
device to determine whether said first 
node is a member of at least one VPN. 


Claim 27: The method of claim 22 further 

comprising: receiving at said Head End 

device a packet from said first node, said 

packet including a destination 

address corresponding to a second node 

in the network; examining said packet 

to identify the ID of said first node; and 

using said ID at said Head End 

device to determine whether said first node 

is a member of at least one VPN. 


Claim 8. (original) The apparatus of claim 
7 further comprising: means for if it is 
determined that said first node is a 
member of a first VPN, determining at 
said 

Head End device whether the destination 
address of said packet is within said first 
VPN. 


Claim 28: The method of claim 27 further 
comprising: if it is determined that 
saiu iirsi noue is a memoer ot a Tirsi vr in, 
Hptprmininn at ^aid Hp^H FnH Hp\/irp 

whether the destination address of said 
packet is within said first VPN. 




Claim 41 : A method of configuring a Head 
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Claim 10. (currently amended) 

An apparatus for configuring a Head End 

of an access network to 

route packets from a first node to a 

second node in the access network, the 

apparatus comprising: 

means for associating particular network 

nodes on the access network with a first 

virtual private network (VPN) ; 

means for assigning and then sending to 

the first node an ID , wherein the ID is 

assigned and sent to the first node bv an 

entity other than the first node; and 

means for associating the assigned ID 

with the first VPN to thereby cause the 

first node to be associated with the first 

VPN, wherein the assigned ID is 

associated bv the entitv other than the 

first node. 


End of an access network to route 
packets from a first node to a second node 
in the access network, the access 
network including at least one shared 
access channel utilized by a plurality of 
nodes in the access network to 
communicate with the Head End, the Head 
End 

including a plurality of sub-interfaces for 
managing virtual private network 
(VPN) traffic over the access network, the 
first and second nodes being members 
of a first Virtual Private Network (VPN), the 
method comprising: associating 
particular network nodes on the access 
network with at least one corresponding 
virtual private network; assigning to the 
first node an ID specific to the 
access network, wherein the ID is 
assigned to the first node by an entity other 
than the first node; and associating the 
assigned ID with the first VPN to 
thereby cause the first node to be 
associated with the first VPN. 


1 1 . The apparatus of claim 1 0 further 
means for including mapping a particular 
sub-interface of the Head End to the first 
VPN. 


Claim 24. The method of claim 23 further 
including mapping a particular 
sub-interface of the Head End to said 
particular VPN. 
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Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

8. Claims 1 and 2 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Fijolek et al. (US Patent 6,510,162) in view of Casey (US Patent 6,493,349). 

With regard to claim 1, Fijolek et al. discloses having an apparatus for routing 
packets from a first network node to a second network node in a data network, Fijolek et 
al. discloses having a cable modem termination system 12 in fig .1 in a cable network 
that is routing data from a from a cable modem ("first network node" back to a cable 
modem ("second network node ", fig. 5). 

comprising: means for assigning a nd the sending an ID to the first node; means for 
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mapping the assigned ID with at least on VPN, wherein the ID is assigned, s ent and 
mapped by an entity other than the first node; Fijolek et al. discloses having a cable 
modem termination system 12 in fig. 1 that assigns service identifiers (SIDs) to CM 
(cable modems, column 15 line 17-18). However, Fijolek et al. means for mapping the 
assigned ID with at least on VPN, wherein the ID is assigned, sent and mapped by an 
entity other than the first node. Casey discloses having extended Internet protocol 
virtual private network architectures ( titles)... also assigning a VPN ( ID) to a first router 
( " first node") linking ("mapping 1 ') VPN. ..VPN assigned and linked second router 
("entity other than first node", column 2 line 10-18). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a to a cable modem termination system 12 
(CMTS) as taught by Fijolek et al. along with a VPN ID assigned, sent, linked to first 
router and second router as taught Casey to provide a more scalable VPN 
infrastructure. 

means for receiving a packet from the first node, said packet from the first node, 
said packet including the ID associated with said first node, and including routing 
information for routing said packet to a destination address associated with said second 
node; Fijolek et al. discloses having a packet format for a incoming packet being 
received form a CM (cable modem, column 15 table 9 and 10 line 25-67). 



means for examining the packet to identify the ID of the first node\ Fijolek et al. 
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discloses the cable modem termination system 12 (CMTS) have the means of 
examining incoming packets with service identifiers (SID, column 15 Iine10~67). 

and means for using said first node ID and routing information and the mapping to 
determine whether said first node is associated with at least one VPN. Fijolek et al. 
discloses having a unique service identifier (SID) corresponding to a cable modem (CM) 
and the SID and routing information transmitted in a packet. However, Fijolek et al. does 
not disclose first node is associated with at least one VPN. Casey discloses having 
aVPN identifier being linked to a first router ( column 2 line 10-18). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a to a cable modem termination system 12 
(CMTS) assigning a unique identifier SID within a packet as taught by Fijolek et al. 
along with a VPN ID assigned, sent, linked to first router and second router as taught 
Casey to provide a more scalable VPN infrastructure. 

With regard to claim 2, in combination Fijolek et al. and Casey teaches the 
apparatus recited in claim 1 .Further comprising means for routing the packet to the 
second node. Fijolek et al. discloses in fig. 1 that the cable modem termination system 
12 (CMTS) has the means to transmit a packet to a second CM (cable modem). 

9. Claims 5 and 6 are rejected under 35 U.S.C. 103(a) as being unpatentable 
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over Fijolek et al. (US Patent 6,577,642) in view of Rosen et al. ( M BGP/MPLS VPNs' 1 
1999) and Casey (US Patent 6,493,349). 

With regard to claim 5, Fijolek et al. discloses an apparatus of associating 
nodes in a data network with at least one virtual private network (VPN), the data 
network including an access network having at least one Head End device and a 
plurality of nodes, the access network further including at least one shared access 
channel utilized by a first and a second node of the plurality of nodes to communicate 
with the Head End device, Fijolek et al. discloses having a cable modem termination 
system 12 in fig 1 located in a head end of cable system 26 ( fig. 1 ). It is conventional 
that a cable modem termination system can operate as point-to-point or point-to- 
multipoint and that the cable modem are bi-directionally communicating with the head 
end. Fijolek et al. discloses having a virtual networking administration in a data-over- 
cable-system 10 using a network address and the first virtual networking tag stored in a 
virtual networking table associated with the second network device to provide selected 
first network devices a desired networking service on a virtual network via the data- 
over-cable-system (column 28 line 34-43). 

Fijolek et al. does not discloses said apparatus comprising: means for determining 
whether said first node is a member of at least one VPN] Rosen et al. discloses having 
a method in which a service provider with an IP backbone may provide VPNs (Virtual 
Private Networks) for its customers with MPLS (Multiprotocol Label Switching) is used 
for forwarding packets over the backbone (Abstract). It is inferred that this mechanism 



Application/Control Number: Page 12 

10/758,434 

Art Unit: 2616 

can be implemented in the head end of a cable system 26. Rosen et al. further 
discloses assigning packets to a particular site ( page 7 line 12-1 3). ..also a packet's 
destination address, is matched against a VPN-lpv4 route ("page 8 line 49-51). It is 
inferred that the packets contains the information of the device or node from which it 
came from. 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a virtual networking administration in a data- 
over-cable-system 10 9 column 28 line 18-19) as taught by Fijolek et al. matching a 
destination address against a VPN-lpv4 route as taught by Rosen to provide a 
mechanism that will transmit packets to a specific VPN. 

the means for if it is determined that said first node is a member of at least one VPN L 
assigning and then sending an ID to the node and binding the ID of said node with said 
VPN to thereby cause said first node to be associated with said VPN, wherein the ID is 
assigned, sent and then bound by an entity other than the node. Fijolek et al. discloses 
having a cable modem termination system 12 in fig. 1 that assigns service identifiers 
(SIDs) to CM (cable modems, column 15 line 17-18). However, Fijolek et al. means for 
mapping the assigned ID with at least on VPN, wherein the ID is assigned, sent and 
mapped by an entity other than the first node. Casey discloses having extended Internet 
protocol virtual private network architectures ( titles)... also assigning a VPN ( ID) to a 
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first router ( " first node") linking ("mapping") VPN. ..VPN assigned and linked second 
router ("entity other than first node", column 2 line 1 0-1 8). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a to a cable modem termination system 12 
(CMTS) as taught by Fijolek et al. along with a VPN ID assigned, sent, linked to first 
router and second router as taught Casey to provide a more scalable VPN 
infrastructure. 

With regard to claim 6, in combination Fijoleck et al. and Casey teaches the 
apparatus recited in claim 5. further including means for mapping a particular sub- 
interface of the Head End to said particular VPN. Fijoleck et al. discloses having a head 
end of cable system in fig. 1. Fijoleck et al. further discloses having a virtual networking 
administration in a data-over-cable-system 10 using a network address and the first 
virtual networking tag stored in a virtual networking table associated with the second 
network device to provide selected first network devices a desired networking service 
on a virtual network via the data-over-cable-system ( column 28 line 34-43). However, 
Fijoleck et al. does not disclose means for mapping a particular sub-interface of the 
Head End to said particular VPN. Rosen et al. discloses having a method in which a 
service provider with a IP backbone may provide VPNs (Virtual Private Networks) for its 
customers with MPLS (Multiprotocol Label Switching) is used for forwarding packets 
over the backbone (Abstract). Rosen et al. discloses that one could divide the interface 
into multiple "sub-interfaces"... and assign the packets to a VPN based on the on the 
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sub-interface over which it arrives (page 7 paragraph 3.1 line 1 1-17).1t is inferred that 
this mechanism can be implemented in the head end of the data-over-cable-system and 
that the head end also can limited to a particular VPN. 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a virtual networking administration in a data- 
over-cable-system 10 as taught by Fijolek et al. assign the packets to a VPN based on 
the on the sub-interface over which it arrives as taught by Rosen et al. to provide a 
mechanism that will restrict packets access into VPNs that are not assigned to the 
packet. 

10. Claims 7-9 are rejected under 35 U.SC 103(a) as being unpatentable over . 
Fijolek et al. (US Patent 6,577,642) and Rosen et al. ("BGP/MPLS VPNs" 1999) and 
Casey (US Patent 6,493,349) as applied to claim 5 above, and further in view of 
Gilbrech (US Patent 6,173,399 ). 

With regard to claim 7, in combination Fijolek et al. and Casey teaches the 
apparatus recited in claim 5. further comprising: means for receiving at said Head End 
device a packet from said first node, said packet including a destination address 
corresponding to a second node in the network; Fijolek et al. discloses having a head 
end of a cable system 26 in fig. I which has the means to send and receive packets from 
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cable modems.., such configurations may be "one-to-one" "one-to-many" or "many-to- 
many" (column 7 line 20-38). Fijolek et al. further discloses having 
means for examining said packet to identify the ID of said first node; Fijolek et al. 
discloses the cable modem termination system 12 (CMTS) have the means of 
examining incoming packets with service identifiers (SID, column 15 line10-67). 
and means for using said ID at said Head End device to determine whether said first 
node is a member of at least one VPN. Fijoleck et al. discloses having a cable modem 

termination system 12a-c... also Fijoleck et al discloses a cable television 
network 

headend is a central location ( column 4 line 33-34). However, Fijoleck et al. does not 
disclose first node is a member of at least one VPN. Gilbrech discloses having a VPN 
unit processing packet by examining the source and destination address of the packet. 
Gibrech further discloses the VPN unit moderates data communication between 
members of a defined VPN group (column 2 line 45-48)... the VPN unit maintains a 
lookup table identifying members of a specific virtual private network groups. It is 
inferred that the VPN unit keeps record of an identifier of member in a table and each 
identifier is link to a virtual private network groups. 

With regard to claim 8, in combination Fijoleck et al., Casey, Rosen et al. and 
Gilrech teaches the apparatus recited in claim 7. Further comprising: means for if it is 
determined that said first node is a member of a first VPN, determining at said Head 
End device whether the destination address of said packet is within said first VPN. 
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Fijoleck et al. discloses having a head end of a cable system 26 with a cable modem 
termination system 12 in fig. 1. Fijoleck et al. further discloses having a virtual 
networking administration in a data-over-cable-system 10 (column 28 line 18-19). 
However, Fijoleck et al. does not discloses that the first node is a member of a first 
VPN, determining at said Head End device whether the destination address of said 
packet is within said first VPN. Rosen et al. discloses having a method in which a 
service provider with an IP backbone may provide VPNs (Virtual Private Networks) for 
its customers with MPLS (Multiprotocol Label Switching) is used for forwarding packets 
over the backbone (Abstract). It is inferred that this mechanism can be implemented in 
the head end of a cable system 26. Rosen et al. further discloses when a packets 
destination address is matched against a VPN-IPv4 route (page 8 line 49-51). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a virtual networking administration in a data- 
over-cable-system 10 as taught by Fijolek et al. matching packets destination address 
against a VPN-IPv4 route (VPN) as taught by Rosen et al. to provide a mechanism that 
will restrict packets from entering in VPNs that they are not associated with. 

With regard to claim 9, in combination Fijoleck et al., Casey, Rosen et al. and 
Gilrech teaches the apparatus recited in claim 7.further comprising means for routing 
the packet to the second node. Fijoleck et at. discloses having a having a head end of a 
cable system 26 with a cable modem termination system 12 in fig. 1 routing packets to a 
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cable modem.., the system configurations may be "one-to-one", M one-to-many M or 
"many-to- many" ( column 7 line 20-38 and fig. 1 ). It is inferred that the head end have 
the capability to route packets to other cable modems in the network. 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a to a cable modem termination system 12 
(CMTS) assigning a unique identifier SID within a packet as taught by Fijolek et al. 
being examined a VPN unit that associates identifying members with a virtual private 
network groups as taught by Gilbrech to provide a more secure cable network 

11. Claims 10 and 11 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Fijoleck et al. (US Patent 6,577,642) in view of Casey (US Patent 6,493,349) and 
Rosen ( "BGP/MPLS VPNs", 1999). 

With regard to claim 10, Fijoleck et al. discloses having a apparatus for 
configuring a Head End of an access network to route packets from a first node to a 
second node in the access network, Fijolek et al. discloses having a cable modem 
termination system 12 in fig 1 located in a head end of cable system 26 ( fig. 1 ). 
the apparatus comprising: means for associating particular network nodes on the , 
access network with a first virtual private network ( VPN) ; Fijoleck et al. further 
discloses having a virtual networking administration in a data-over-cable-system 10 
(column 28 line 18-19). 
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the means for assigning and then sending to the first node an ID, wherein the ID is 
assigned and sent to the first node by an entity other than the first node; Fijolek et al. 
discloses having a cable modem termination system 12 in fig. 1 that assigns service 
identifiers (SIDs) to CM (cable modems, column 15 line 17-18). However, Fijolek et al. 
means for mapping the assigned ID with at least on VPN, wherein the ID is assigned, 
sent and mapped by an entity other than the first node. Casey discloses having 
extended Internet protocol virtual private network architectures ( titles)... also assigning 
a VPN ( ID) to a first router ( " first node") linking ("mapping") VPN... VPN assigned and 
linked second router ("entity other than first node", column 2 line 10-18). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a to a cable modem termination system. 12 
(CMTS) as taught by Fijolek et al. along with a VPN ID assigned, sent, linked to first 
router and second router as taught Casey to provide a more scalable VPN 
infrastructure. 

the means for associating the assigned ID with the first VPN to thereby cause the first 
node to be associated with the first VPN, wherein the assigned ID is associated by the 
entity other than the first node. Fijoleck et al. (6,577,642) discloses having a cable 
modem termination system 12 in fig. 1 that assigns service identifiers (SIDs) to CM 
(cable modems, column 15 line 17-18). However, Fijolek et al. means for mapping the 
assigned ID with at least on VPN, wherein the ID is assigned, sent and mapped by an 
entity other than the first node. Casey discloses having extended Internet protocol 
virtual private network architectures ( titles)... also assigning a VPN ( ID) to a first router 
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( " first node") linking ("mapping") VPN... VPN assigned and linked second router 
("entity other than first node", column 2 line 10-18). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a to a cable modem termination system 12 
(CMTS) as taught by Fijolek et al. along with a VPN ID assigned, sent, linked to first 
router and second router as taught Casey to provide a more scalable VPN 
infrastructure. 

With regard to claim 11, in combination Fijoleck et al., Rosen et al. and Casey 
teaches the apparatus recited in claim 10.further means for including mapping a 
particular sub- interface of the Head End to the first VPN. Fijoleck et al. discloses having 
a head end of a cable system 26 in fig. 1. Fijolek et al. further disclose having a virtual 
network administration in a data-over-cable-system (column 28 line 18-19). However, 
Fijoleck et al. does not disclose means for including mapping a particular sub-interface 
of the Head End to the first VPN. Rosen et al. discloses that one could divide the 
interface into multiple "sub-interfaces"., and assign the packets to a VPN based on the 
on the sub- interface over which it arrives (page 7 paragraph 3.1 line 11-17).1t is 
inferred that this mechanism can be implemented in the head end of the data-over- 
cable-system and that the head end also can limited to a particular VPN. 
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Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a virtual networking administration in a data- 
over-cable-system 10 as taught by Fijolek et al. assign the packets to a VPN based on 
the on the sub-interface over which it arrives as taught by Rosen et al. to provide a 
mechanism that will restrict packets access into VPNs that are not assigned to the 
packet. 

Allowable Subject Matter 

12. Claim 3 and 4 would be allowable if rewritten or amended to overcome the 
rejection(s) under 35 U.S.C. 112, 2nd paragraph, set forth in this Office action. 

Prior Art 

13. The prior art made record and not relied upon is considered pertinent to 
applicant's disclosure: 

Jagannath et al. ( US Patent 7,095,740) discloses having a method and apparatus for 
virtual overlay networks. 

Le Goff et al. ( US Patent 6,438,127) discloses having a process and apparatus for the 
operation of virtual private networks on a common data packet communication network. 
Fox et al. (" Virtual Private Networks Identifier" RFC 2685, September 1999) discloses 
having using a Virtual Private Networks Identifier. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DeWanda Samuel whose telephone number is (571) 
270-1213. The. examiner can normally be reached on Monday- Thursday 8:30-5:30 
EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ricky Q. Ngo can be reached on (571 ) 272-3139. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



DeWanda Samuel 
12/1/2007 



RICKY Q>NGO 

SUPERVISORY PATENT EXAMINER 




